diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index 98b8b2d47..99e3903ea 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -138,6 +138,24 @@ interface(`usermanage_kill_passwd',`
 allow $1 passwd_t:process sigkill;
 ')
+########################################
+##
+## Check if the passwd binary is executable.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`usermanage_check_exec_passwd',`
+ gen_require(`
+ type passwd_exec_t;
+ ')
+
+ allow $1 passwd_exec_t:file { execute getattr_file_perms };
+')
+
 ########################################
 ##
 ## Execute passwd in the passwd domain, and
@@ -251,6 +269,24 @@ interface(`usermanage_domtrans_useradd',`
 ')
 ')
+########################################
+##
+## Check if the useradd binaries are executable.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`usermanage_check_exec_useradd',`
+ gen_require(`
+ type useradd_exec_t;
+ ')
+
+ allow $1 useradd_exec_t:file { execute getattr_file_perms };
+')
+
 ########################################
 ##
 ## Execute useradd in the useradd domain, and
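Review bot: The summary above usermanage_check_exec_passwd does not say what `execute` without `execute_no_trans` or a domain transition actually grants the caller, and the same applies to usermanage_check_exec_useradd in the second hunk. With only `{ execute getattr_file_perms }` on passwd_exec_t a domain can satisfy an access(2)/faccessat(2) X_OK probe on the binary, but an exec() of it is still denied unless some other rule supplies execute_no_trans or a transition, so a caller that really needs to run passwd or useradd must use the domtrans interface that follows each new block. Stating that in the summary would keep policy authors from reaching for this interface as a lighter-weight "exec" permission, e.g. `## Check if the useradd binaries are executable (access(2) X_OK); this does not permit running them, use usermanage_domtrans_useradd for that.` with the matching wording on the passwd block. Whether a caller for either new interface exists cannot be seen from these two hunks.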